ShippooorDAO
Cooldown and redeem windows can be rendered useless.
Could be used for voting power attacks using flash loan if voting process is not monitored
<https://www.coindesk.com/tech/2020/10/29/flash-loans-have-made-their-way-to-manipulating-protocol-elections/>
A few ways to mitigate this problem:
Option A: Remove the cooldown/redeem period as it's not really preventing much in current state.
Option B: Let the contract start the cooldown on mint, and bind the cooldown/redeem window to the amount that was minted at that time by the account. Don't make sNOTE.startCooldown() available externally. Redeem should verify amount of token available using this new logic.
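Added example, not part of the original issue and not the project's code: a small Python model of the accounting Option B describes, where each mint opens its own cooldown and redeem window and redemption is capped by the tranches whose window is open. The class and method names and the cooldown and window lengths are assumptions, and because the issue does not say what happens to a tranche whose window was missed, the model simply leaves it locked.

```python
from dataclasses import dataclass

@dataclass
class Tranche:
    amount: int      # tokens minted in this deposit
    minted_at: int   # timestamp; the cooldown starts here, not on a user call

class StakedTokenModel:
    """Hypothetical model of Option B; not sNOTE's actual implementation."""

    def __init__(self, cooldown: int, window: int):
        self.cooldown = cooldown    # seconds before a tranche can be redeemed
        self.window = window        # seconds the tranche stays redeemable
        self._tranches: dict[str, list[Tranche]] = {}

    def mint(self, account: str, amount: int, now: int) -> None:
        if amount <= 0:
            raise ValueError("amount must be positive")
        # No external startCooldown(): minting is the only thing that starts one.
        self._tranches.setdefault(account, []).append(Tranche(amount, now))

    def balance(self, account: str) -> int:
        return sum(t.amount for t in self._tranches.get(account, []))

    def _open(self, t: Tranche, now: int) -> bool:
        start = t.minted_at + self.cooldown
        return start <= now <= start + self.window

    def redeemable(self, account: str, now: int) -> int:
        # Only tranches whose own window is open count, so a late top-up
        # cannot ride on the window of an earlier, smaller deposit.
        return sum(t.amount for t in self._tranches.get(account, [])
                   if self._open(t, now))

    def redeem(self, account: str, amount: int, now: int) -> None:
        if amount <= 0 or amount > self.redeemable(account, now):
            raise ValueError("amount exceeds tokens whose window is open")
        remaining = amount
        for t in self._tranches[account]:
            if remaining and self._open(t, now):
                take = min(t.amount, remaining)
                t.amount -= take
                remaining -= take
        self._tranches[account] = [t for t in self._tranches[account] if t.amount]
```

Minting and redeeming at the same timestamp always fails in this model, which is the property that matters for the flash-loan case raised in the issue.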